0

I have a html table that is converted to JSON and sent over via AJAX to PHP. I've decoded the JSON object and now have a PHP array. I'd like to insert this array or rather the contents of it into a MySQL database.

I'm confused on some of the methodologies out there. what is the ideal method to prevent SQL injection? I see a number of methods that look like so;

 foreach ($array as $key => $value) 
    {
        $price = $array["price"][$key];
        ...................................
    }

this doesn't seem to work, or at least I can't get php to print or echo out what $price is.

I've tried this:

     foreach ($array as $key => $value) 
         {
           $price = $value["price"];
          ...................................
         }

This i can get echo or print_r to display the value.

First question is: what is the purpose of $key here in terms of inserting these values into MySQ? Second is: why doesn't the first one return the expected result, like that of the second code snippet? echo should display the value of $price? Lastly, from this assuming both methods are valid, an insert statement like below is correct for actually pushing the data into MySQL?

       $sql = mysql_query("insert into Daily_Requests values ('','$price','$item','$etc...','$etc....')");

Regards

EDIT

Here is my JSON:

[{"Price":"5000","Manufacturer":"Newton","Model":"84x26x10 43u","Model_info":"Newton 84x26x10 43u","Type":"Rack","Height_in":"83.97637795","Height_mm":"2133","Width_in":"25.98425197","Width_mm":"660","Description":"Newton 84x26x10 43u","Depth_in":"10","Depth_mm":"254","Mount_Type":"Floor Mount","Rack_UNITS":"43","Rack_INSIDE_HEIGHT_mm":"1911","Rack_INSIDE_WIDTH_mm":"584","Rack_INSIDE_DEPTH_mm":"","ASSET_TYPE":"Rack","Phases":"","Status":"","Date":"2017-01-11","Submitted":"","Image File / Web Info":"","Site":"Orlando"}]
Improve this question
7
  • 5
    WARNING: If you're just learning PHP, please, do not learn the obsolete mysql_query interface. It's awful and has been removed in PHP 7. A replacement like PDO is not hard to learn and a guide like PHP The Right Way helps explain best practices. Make sure your user parameters are properly escaped or you will end up with severe SQL injection bugs. Commented Jan 13, 2017 at 2:08
  • 2
    Hint: The right way to do this is to use prepared statements with placeholder values. Commented Jan 13, 2017 at 2:09
  • please add the structure of JSON you are getting in question. It'll become more clear then. Commented Jan 13, 2017 at 2:11
  • what is the purpose of $key here in terms of inserting these values into MySQ? --> it just array's key, try to print_r($array) first and take a look on you array. basically i'm saying $price = $value["price"] is like accessing $value[$key]["price"] in for($key = 0; $key < count($array); $key++){..} -- if the key is indeed an integer. Commented Jan 13, 2017 at 2:12
  • The procedure will depend on the JSON structure. Please provide an example of the JSON data. Commented Jan 13, 2017 at 2:26

2 Answers 2

Reset to default
2

Once you enter the loop 

foreach ($array as $key => $value) {
    #loop entered here after open

    #each value of the array is accessible

    #end loop here before close
     }

With $key being the index value of the array as an integer and $value as the actual variable holding the value at that index. $array inside the loop is the same as outside loop. $value represents the slice of that array.

once you load the data into a new variable as $price = $value["price"] it is available until the close of the loop and resets to the new value when looped over again.

So your SQL statement out of the loop will contain the last values held by $array.

Improve this answer
2
  • This makes sense, I think. $key is just the 'dynamic index' of that currently accessed slice of the array? While $value is the literal value of that specific $key. Once the loop closes that $key changes and thus the $value. So when I attempted to echo $price, I'm not accessing the value but rather that slice of the array? $price = $array["price"][$key];therefore I should access it as you did via:$price = $value["price"]? Commented Jan 13, 2017 at 16:17
  • by stating $price = $value["price"] you have loaded $pricewith the value held by $value["price"]. So just echoing $price will be the same is echoing $value["price"] Commented Jan 13, 2017 at 21:49
0

Whenever you have doubts about how to access or loop throuhg the elements of an array, use var_dump to visualize its structure.

I see you have an array of objects and I understand that each object is a row. So:

foreach($array as $object) {
    //Here you have each object in $object
    //$object is {"Price":"5000","Manufacturer":"Newton",...}

    //Lets build the query to insert this row. I'm gonna do this with a query string as you're already using mysql_query, but as suggested you should migrate to PDO.

    $query='';

    foreach($object as $key=>$value) {
        //To answer your $key question, here $key are Price, Manufacturer, Model, etc and $value are the correspondig values for each key

        if($query) $query.=','; //add the comma if it's not the fist var
        $query.='`'.mysql_real_escape_string($key).'`=\' '.mysql_real_escape_string($value).'\'';
    }

    $query='insert into Daily_Requests set '.$query;

    mysql_query($query);
}
Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.